HSTS bypass vulnerability on a subdomain in specific HSTS configurations in Firefox, Firefox ESR and Thunderbird
Description
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain.
Affected software versions
- Firefox < 122
- Firefox ESR < 115.7
- Thunderbird < 115.7
Vulnerability type
HSTS bypass
CVSS3
6.5 Medium
Related vulnerabilities
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
A vulnerability in the implementation of the HSTS (HTTP Strict Transport Security) mechanism in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client that allows an attacker to bypass protection mechanisms